The Case for E-Mail Diversification

2011-09-29It should come as no surprise to our longer-term readers that International Man exists for two main reasons: 1) Living life as an International Man - treating the world as one big playground that offers virtually unlimited opportunities to achieve whatever you want. 2) Financial, personal and income diversification to limit jurisdictional risk. It's into this second category that today's feature article falls.

It should come as no surprise to our longer-term readers that International Man exists for two main reasons:

Living life as an International Man - treating the world as one big playground that offers virtually unlimited opportunities to achieve whatever you want.

Financial, personal and income diversification to limit jurisdictional risk.

It's into this second category that today's feature article falls.

Contrary to popular belief among mostly non-technical folk, the use of the Internet is anything but anonymous. In fact, without appropriate safeguards, everything you do can be tracked and traced right to you: every (private) e-mail you send, every web site you visit, every YouTube video you watch.

This is information that can then be used against you in legal proceedings, by identity thieves and/or by advertisers who custom tailor the ads you see.

That's why it's critically important to protect yourself online. And diversification can play a part. In today's feature, the founder of a unique "multi-flagged" e-mail service shares why you would be wise to consider taking your private digital communications overseas.

I get e-mails from people every week who want to go "offshore". They want to protect their wealth overseas. They want to get a second passport in order to travel more freely. They want more freedom, more privacy, and less interference from their government. And they send these e-mails from their free US-based e-mail account, or their local ISP e-mail service.

Here's my point: Using an e-mail account based in the US, UK, EU, or any other country with a "western government" is basically the same as sending every single piece of your confidential information through the mail written on a postcard for everyone to see - your mailman, your nosy neighbor, everyone.

And in this case, "everyone" includes governments that store and monitor virtually every piece of e-mail you send, advertising companies that 'read' through your messages looking for information to customize the advertising you receive, not to mention other malicious forces that would love to steal your identity for ill-gotten gains.

Needless to say, if you're looking for "freedom in an unfree world" - as least when it comes to e-mail privacy, you need to go overseas. You need to internationalize your inbox. That's what this article is all about.

Why Diversify Your E-mail Account?

Privacy: Not all jurisdictions are as flippant about your privacy as the US and other Western countries are. For instance, Swiss Internet privacy laws and the actions of its government to protect privacy online have been strong. In 2009, the Swiss Federal Data Protection and Information Commissioner prevented Google from implementing their Street View feature on privacy grounds. In 2010, the Swiss High Court ruled that a user's IP address is personal information and is protected by their strict privacy laws.

There are other jurisdictions that have strong privacy laws when it comes to digital content, but Switzerland is very good.

Legal Protection: When the government wants to get information about you from a domestic ISP or e-mail provider, they simply go straight to the provider with a subpoena that is often secret. You don't even know the government is investigating you. We saw an example of this with a subpoena to Twitter that was made public. When your e-mail is hosted in a foreign jurisdiction, however, things become more interesting. The domestic law enforcement agency must now work through the foreign legal system to serve the subpoena. While many governments have a Mutual Legal Assistance Treaty (MLAT) in force, this does not make the subpoena automatic. The foreign government may decide to block the subpoena. The e-mail provider can fight the subpoena using the laws in the jurisdiction where the data is located. In some cases, additionally in the jurisdiction where the provider is incorporated. This is rarely a private affair, especially in a country with strong privacy laws.

Couldn't I Just Use An Encrypted E-mail Service?

Some people believe that if you want real privacy, you need a service that will encrypt your e-mail for you. There are overseas e-mail services that will do this for you, like Hushmail. But encryption itself is not a protection against federal governments. The US government has proven at least twice that it can and will get access to the customer data of these sorts of services. Additionally, Hushmail is now associated with an NSA whistleblower and drug dealers. While you may see no issues with these activities, it puts the service and those who use it in the crosshairs of the law enforcement entities in which these activities are illegal.

What about an Anonymous Overseas E-mail Service?

There are even more people who believe the only real way to get privacy is to use a service that anonymizes all the information about the customer's e-mail. Scrubbing headers, removing names, using pseudonyms, etc. There are completely legitimate reasons why someone may want to use this type of service. Here are some examples provided by one provider, AnonymousSpeech:

express your political standpoint anonymously

anonymously report fraud

anonymously report sensitive information to the media

These are all great and legitimate reasons. However, it's also not what you might want to be doing with your regular e-mail account. Especially if you are a professional who is trying to build your name and reputation.

So what makes for the ideal private e-mail service?

Fully Diversified

It might sound strange, but you'll want to check and see if your e-mail provider is really diversified. Fastmail.fm is a good example. It's an Australian based e-mail provider owned by Opera Software, a Norwegian corporation. Fastmail.fm provides a very good, robust e-mail service at a good price. And given that they are based in Australia and the company that owns them is based in Norway, they must be offshore, right? WRONG.

You will want to check both the jurisdiction of incorporation and where the servers/data are located in order to make sure that the provider you choose is actually diversified appropriately for your internationalization needs. Regardless of where you live, neither part of your chosen provider should be located in the European Union or in the United States. If either part is, you are subject to laws like the Patriot Act in the US, or the data retention policies that the EU has implemented.

Multiple Flags

Just as you look to plant multiple flags to reduce risk, your e-mail provider can do so as well. A provider who has distributed their business internationally is better able to cope if any given jurisdiction becomes unfavorable.

In the case of our service, Jumpmail, we took a cue from other successful overseas providers and built our business to be internationally distributed in favorable jurisdictions. Our parent company is incorporated in Hong Kong. Our servers are based in Switzerland. Our domain name services are provisioned in Canada. Our domain name's TLD is in Colombia. We use a service in Israel for our secure certificates. All of this was done in order to reduce overall risk to the system.

Know Who You Are Doing Business With

Trust is a big factor when evaluating any provider. This is no exception. See if you can find out who the directors/owners are, and if they are involved in the internationalization community. Get references from people you trust.

Security as a Foundation

E-mail is a big target for hackers, professional and otherwise. Ensure the service you choose is serious about security. Check for any information about security steps they take and any audits to which they have subjected themselves.

In our own company, we chose a base system (Enterprise Linux) that is known for its reliability and actively update systems to keep it that way. We enable Security Enhanced Linux (SELinux), the same strong security feature used in military and intelligence systems, to protect every part of the system. Like the bulkheads on a ship, SELinux defends against attacks and isolates parts of the system if a compromise occurs. We get third-party verification in the form of a security audit to make sure we have not missed anything.

If you aren't technically minded, I recommend having a friend that is do the asking for you. Think of the type of information you are sending via E-Mail. Evaluate how important to your character or business it is to keep that private. This is probably the single most important factor in selecting a safe and secure provider, and you need to take it seriously.

More Than Just E-Mail

Even the free services provide more than just e-mail. Calendaring, contact management, even task management are available from GMail, Yahoo, and others. Any good E-Mail service will offer this as well.

The Next Steps

First off, if you haven't already, review your existing provider. Does it have the attributes required to be considered a secure and private e-mail system? Or, is there something that might make your personal and business communications public knowledge?

If so, consider exploring other options.

[If you don't have a strategy for dealing with the dangers of the online world, download our Online Privacy report, which will share some common sense steps you can take to protect yourself and your family from the dark side of the Internet. Available to International Man Network Members. If you are not yet a member, you can join here.]

About the Author: Kyle Gonzales is a self-taught, self-made business professional with 13 years of experience in the IT industry. Over that time, he has assumed leadership positions ranging from corporate networking to technical sales. In 2011 he launched JumpShip Services, a firm that offers "multi-flagged" e-mail solutions that offer enhanced security, privacy and peace of mind for your digital communications.